Updated Debian 9: 9.2 released

October 7th, 2017

The Debian project is pleased to announce the second update of its
stable distribution Debian 9 (codename stretch).
This point release mainly adds corrections for security issues,
along with a few adjustments for serious problems. Security advisories
have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian
9 but only updates some of the packages included. There is
no need to throw away old stretch media. After installation,
packages can be upgraded to the current versions using an up-to-date Debian
mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are
included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP mirrors.
A comprehensive list of mirrors is available at:

As a special case for this point release, those using the apt-get tool
to perform the upgrade will need to ensure that the dist-upgrade command is
used, in order to update to the latest kernel packages. Users of other tools
such as apt and aptitude should use the upgrade command.

Miscellaneous Bugfixes

Due to an oversight while preparing the point release, the usual update
to the base-files package to reflect the new version was unfortunately
not included. An updated package will be made available via stretch-updates
in the near future.

This stable update adds a few important corrections to the following
packages:

Relax the dependency of libldap-2.4-2 on libldap-common to also permit later versions; fix upgrade failure when olcSuffix contains a backslash; avoid reading the value of the LDAP_OPT_X_TLS_REQUIRE_CERT option from previously freed memory; fix potential endless replication loop in a multi-master delta-syncrepl scenario with 3 or more nodes; fix memory corruption caused by calling sasl_client_init() multiple times and possibly concurrently

New upstream stable version - send single character variable names to milters without {}; prevent MIME downgrade of Postfix-generated message/delivery status; work around Berkeley DB attempting to read settings from DB_CONFIG file